AutoIndex module provides the directory listing capability for Apache. If it's installed and enabled, Apache will show the index of a path or URL if no DirectoryIndex files are present.
Example of common DirectoryIndex files are index.html, index.htm, index.php and welcome.html, configurable in Apache configuration file.
Directory listing is a helpful feature though some might want to disable it for security or any other reason.
You can prevent directory listing for Apache by disabling mod_autoindex, setting appropriate options in the Apache configuration file, or by using .htaccess file.
Methods to disable directory listing in Apache:
If you're hosting on platforms such as cPanel, you can use platform-specific methods to disable Apache's directory listing.
The easiest way is to disable the autoindex module entirely, and disabling the module would affect all the sites hosted on the server.
$ sudo a2dismod --force autoindex #Ubuntu, Debian and SUSE Module autoindex disabled. To activate the new configuration, you need to run: systemctl restart apache2
Options | Debian, Ubuntu | openSUSE and SLES | Fedora Core, CentOS, RHEL | macOS | homebrew | xampp |
---|---|---|---|---|---|---|
a2dismod support | yes | yes | no | no | no | no |
Modules to uninstall | none | |||||
Module name | n/a | autoindex | ||||
Loadmodule directive | n/a | #LoadModule autoindex_module <module_locations>/mod_autoindex.so |
Related: How to manage Apache service
You can add -Indexes to Options directive in Apache's configuration file to fully disable directory listing, or add the same -Indexes option into Directory configuration to disable the feature per-directory.
$ sudo vi /etc/apache2/other/mysite.conf
The configuration could be set globally or from within VirtualHost configuration.
<Directory /var/www/mysite> Options -Indexes </Directory>
Notice that it's -Indexes and not +Indexes
Related: How to manage Apache service
If you don't have administrator access to the system or want to manage directory listing on a per-directory basis easily, you can use the above Options -Indexes directive in .htaccess files.
$ sudo vi /var/www/mysite/.htaccess
Options -Indexes
Comment anonymously. Login not required.